Google touts privacy as it readies social-networking features, and fires engineer who snooped on users

Google has had an awkward week when it comes to its users' privacy. Just as it was touting recent changes to its privacy tools and policies, word leaked out that (a) one of its engineers had snooped on Google users and (b) the company plans to introduce a new set of social-networking features.

That's not the timing the company could have wanted when it began booking ads for its "privacy tools" (there might be one right above this post) and inviting tech reporters to stop by its D.C. offices for a series of briefings.

I paid one such visit Tuesday, and I was surprised to learn a thing or two in the process. I had either overlooked or forgotten how you can pause Google's recording of your search history (if you have a Google Account and are signed into it) and then edit that search history. By virtue of not using Google Latitude, I didn't know that you could use that service to mislead others about your location. And I would not have guessed that one of seven visitors to Google's Ad Preferences Manager uses that page's opt-out feature to stop Google from tailoring ads to his or her perceived interests.

But Google's privacy policies still fall short of providing what I want to know most: just how far your data can flow in and beyond its organization. When I add an event in Google Calendar, I'd like to see what other Google services will be informed by the knowledge that I've got a flight out of Dulles in the morning.

A different issue with privacy on Google emerged that afternoon, when Gawker reported that Google had dismissed an engineer who had snooped on friends using its services:

David Barksdale, a 27-year-old former Google engineer, repeatedly took advantage of his position as a member of an elite technical group at the company to access users' accounts, violating the privacy of at least four minors during his employment, we've learned.

Google quickly confirmed that it had fired Barksdale and had stepped up its security rules. A PR statement said the company was "significantly increasing the amount of time we spend auditing our logs to ensure those controls are effective."

I'm told that Barksdale's exploits make him only two of a kind at the company, and that the company has cut down on the number of people who may access users' data to ensure that things are working correctly. (Like it or not, that's a normal part of networked systems; if you want to guarantee that nobody can peek at your information on their server, encrypt it first.)

But Google wouldn't say whether it planned to press charges against Barksdale or whether it had plans to make other changes to how it screens and monitors employees assigned to these sensitive tasks.

Finally, on Wednesday Google chief executive Eric Schmidt confirmed what many observers of the company have been expecting: The company is working on a set of social-networking tools known collectively as Google Me. The Los Angeles Times' report explained that Google will add a "social layer" to its products, allowing users to see how their friends may have crossed paths with them online.

Put me down as a skeptic of this. I am comfortable with a certain amount of Balkanization in my social networks online. I have to remember more passwords, but it doesn't subject my privacy to single-point-of-failure risks and lets me disclose different amounts of data to different circles of friends and acquaintances.

Google is welcome to try to convince me otherwise, but first I want to see it open up about what it does with user data and how it watches for abuse among its own employees. Saying "trust me" won't cut it, but more transparency might help.

Count me as a skeptic that the engineer Google fired is the only one who abused the company's networks. In a firm that is overflowing with geeks, if there is a way to push the envelope, trust me, they will.

Google's pleadings that it has addressed the problem have a false ring. Where is the commitment to ethics training, indoctrination on privacy principles, and other "social" controls?

You can't do it all with technology, e.g. increasing the audits. People matter first and that's where the emphasis is needed.

Whatever Google may or may not have done, what concerns me more is when I get unsolicited ads in the middle of conversations on Windows Live Messenger, which I thought was secure; umpteen invites to add me as a "friend" to Windows Live and the same with Skype, where people call me in the middle of the night.

I have proposed solutions to all of these invasions of privacy to both Google and Microsoft, but got no response.
